CRA Framework

Project Overview

Goal: Create a detailed mapping of existing cybersecurity standards (IEC62443, ISO27001/2, ETSI 303 645, etc.) to the requirements of the Cyber Resilience Act.

Location: Amsterdam/Eindhoven -> Both could work, preferably Eindhoven
Timeframe: 6 months
Team: Product Security
Supervisor: Raluca Viziteu

Student Attributes

Education:

• Following preferably a master degree in Computer science, Cybersecurity or Information Security Technology. A bachelor degree could also be acceptable.

Technical skills:

• Good understanding of basic cybersecurity principles
• Knowledge of cybersecurity standards is a plus
• Strong analytical and comparative skills to map standards to regulatory requirement
• Technical writing skills to clearly document the mapping

Soft skills:

• Analytical thinking
• Attention to detail
• Problem-solving
• Writing skills
• Time management
• Communication skills

Project Description

Project Overview:
This project aims to create a detailed and systematic mapping between established cybersecurity standards (such as IEC62443, ISO27001/2, ETSI 303 645, and others) and the requirements set forth in the European Union's Cyber Resilience Act (CRA). The goal is to provide a clear understanding of how existing standards align with the CRA's requirements, facilitating easier compliance and implementation for organizations and manufacturers.

Key Objectives:

• Conduct a thorough analysis of the Cyber Resilience Act requirements.
• Perform an in-depth review of major cybersecurity standards including, but not limited to, IEC62443, ISO27001/2, and ETSI 303 645.
• Create a comprehensive mapping between each standard and the CRA requirements.
• Identify gaps where existing standards may not fully address CRA requirements.
• Develop recommendations for addressing identified gaps.
• Create a user-friendly tool or document to navigate the mapping. (a framework)